Actions
Security #3168
closedtls: out of bounds read
Git IDs:
b32b4642212dac764ca67a5fce8c97394e199631
Severity:
Disclosure Date:
Description
==7789==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6060000031d6 at pc 0x555555dec3b7 bp 0x7fffffff8530 sp 0x7fffffff8528 READ of size 1 at 0x6060000031d6 thread T0 #0 0x555555dec3b6 in TLSDecodeHSHelloExtensionSupportedVersions /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c:962:42 #1 0x555555de8b1b in TLSDecodeHSHelloExtensions /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c:1224:23 #2 0x555555de33d3 in TLSDecodeHandshakeHello /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c:1353:11 #3 0x555555ddd4eb in SSLv3ParseHandshakeType /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c #4 0x555555dd903c in SSLv3ParseHandshakeProtocol /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c:1620:14 #5 0x555555dcb3b2 in SSLv3Decode /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c:2293:22 #6 0x555555dc3402 in SSLDecode /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-ssl.c:2471:30 #7 0x555555d741f6 in AppLayerParserParse /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/src/app-layer-parser.c:1188:13 #8 0x555555d40898 in LLVMFuzzerTestOneInput /home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/fuzzing/fuzz_app_ssl.c:103:3 #9 0x555556ce3832 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/fuzzing/playground/app_ssl/fuzz_app_ssl+0x178f832) #10 0x555556cd3da4 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/fuzzing/playground/app_ssl/fuzz_app_ssl+0x177fda4) #11 0x555556cdcace in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/fuzzing/playground/app_ssl/fuzz_app_ssl+0x1788ace) #12 0x555555c23d23 in main (/home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/fuzzing/playground/app_ssl/fuzz_app_ssl+0x6cfd23) #13 0x7ffff6cb1ee2 in __libc_start_main (/usr/lib/libc.so.6+0x26ee2) #14 0x555555c23edd in _start (/home/sirko/Projects/CI/fuzzing/_CPP/suricata/suricata-fuzzing.4.1.4/fuzzing/playground/app_ssl/fuzz_app_ssl+0x6cfedd)
Updated by Victor Julien about 5 years ago
- Copied to Security #3169: tls: out of bounds read (5.x) added
Updated by Victor Julien about 5 years ago
- Status changed from Assigned to Closed
- Priority changed from High to Normal
- Private changed from Yes to No
Updated by Victor Julien about 4 years ago
- Tracker changed from Bug to Security
- CVE set to 2019-15699
- Git IDs updated (diff)
Actions